CVE-2023-46118

< 3.11.24

RabbitMQ is a multi-protocol messaging and streaming broker. HTTP API did not enforce an HTTP request body limit, making it vulner

4.9MEDIUM

CVE-2022-31008

< 3.8.32

RabbitMQ is a multi-protocol messaging and streaming broker. In affected versions the shovel and federation plugins perform URI ob

5.5MEDIUM

CVE-2021-32719

< 3.8.18

RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.18, when a federation link was displayed in

3.1LOW

CVE-2021-32718

< 3.8.17

RabbitMQ is a multi-protocol messaging broker. In rabbitmq-server prior to version 3.8.17, a new user being added via management U

3.1LOW

CVE-2021-22116

< 3.8.16

RabbitMQ all versions prior to 3.8.16 are prone to a denial of service vulnerability due to improper input validation in AMQP 1.0

7.5HIGH

CVE-2020-36282

>= 1.0.0 and < 1.15.2

JMS Client for RabbitMQ 1.x before 1.15.2 and 2.x before 2.2.0 is vulnerable to unsafe deserialization that can result in code exe

9.8CRITICAL

CVE-2020-5419

< 3.7.28

RabbitMQ versions 3.8.x prior to 3.8.7 are prone to a Windows-specific binary planting security vulnerability that allows for arbi

6.7MEDIUM

CVE-2019-11287

>= 3.7.0 and < 3.7.21

Pivotal RabbitMQ, versions 3.7.x prior to 3.7.21 and 3.8.x prior to 3.8.1, and RabbitMQ for Pivotal Platform, 1.16.x versions prio

7.5HIGH

CVE-2019-11291

>= 1.16.0 and < 1.16.7

Pivotal RabbitMQ, 3.7 versions prior to v3.7.20 and 3.8 version prior to v3.8.1, and RabbitMQ for PCF, 1.16.x versions prior to 1.

4.8MEDIUM

CVE-2019-11281

< 3.7.18

Pivotal RabbitMQ, versions prior to v3.7.18, and RabbitMQ for PCF, versions 1.15.x prior to 1.15.13, versions 1.16.x prior to 1.16

4.8MEDIUM

CVE-2019-3800

< 2.1.2

CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user aut

6.3MEDIUM

CVE-2018-1279

all versions

Pivotal RabbitMQ for PCF, all versions, uses a deterministically generated cookie that is shared between all machines when configu

8.5HIGH

CVE-2017-4967

all versions

An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.

6.1MEDIUM

CVE-2017-4966

all versions

An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.

7.8HIGH

CVE-2017-4965

all versions

An issue was discovered in these Pivotal RabbitMQ versions: all 3.4.x versions, all 3.5.x versions, and 3.6.x versions prior to 3.

6.1MEDIUM

CVE-2016-9877

all versions

An issue was discovered in Pivotal RabbitMQ 3.x before 3.5.8 and 3.6.x before 3.6.6 and RabbitMQ for PCF 1.5.x before 1.5.20, 1.6.

9.8CRITICAL

CVE-2015-8786

all versions

The Management plugin in RabbitMQ before 3.6.1 allows remote authenticated users with certain privileges to cause a denial of serv

6.5MEDIUM

CVE-2016-0929

all versions

The metrics-collection component in RabbitMQ for Pivotal Cloud Foundry (PCF) 1.6.x before 1.6.4 logs command lines of failed comma

7.5HIGH

CVE-2014-9568

all versions

puppetlabs-rabbitmq 3.0 through 4.1 stores the RabbitMQ Erlang cookie value in the facts of a node, which allows local users to ob

CVE-2014-9494

<= 3.3.5

RabbitMQ before 3.4.0 allows remote attackers to bypass the loopback_users restriction via a crafted X-Forwareded-For header.